Chapter 6. Enabling Custom Home Directories Using authconfig
/homeand the system is configured to create home directories the first time users log in, then these directories are created with the wrong permissions.
- Apply the correct SELinux context and permissions from the
/homedirectory to the home directory that is created on the local system. For example:
[root@server ~]# semanage fcontext -a -e /home /home/locale
- Install the
oddjob-mkhomedirpackage on the system.This package provides the
pam_oddjob_mkhomedir.solibrary, which the
authconfigcommand uses to create home directories. The
pam_oddjob_mkhomedir.solibrary, unlike the default
pam_mkhomedir.solibrary, can create SELinux labels.The
authconfigcommand automatically uses the
pam_oddjob_mkhomedir.solibrary if it is available. Otherwise, it will default to using
- Make sure the
oddjobdservice is running.
- Run the
authconfigcommand and enable home directories. In the command line, this is done through the
[root@server ~]# authconfig --enablemkhomedir --updateIn the UI, there is an option in the Advanced Options tab (Create home directories on the first login) to create a home directory automatically the first time that a user logs in.
Figure 6.1. Home Directory OptionThis option is beneficial with accounts that are managed centrally, such as with LDAP. However, this option should not be selected if a system like automount is used to manage user home directories.
[root@server ~]# semanage fcontext -a -e /home /home/locale # restorecon -R -v /home/locale